Hi

On Tuesday 1 March 2011 at 1:54:25 AM, in
<mid:4d6c51d1.6030...@fifthhorseman.net>, Daniel Kahn Gillmor wrote:

> However, i'm quite serious about the flaws paralleling
> the failures of NSEC3 to prevent DNS zone enumeration.
> the problem space is slightly different, but i think
> the math comes out about the same in terms of the cost
> of trying to brute force these things.
> Ultimately, i think Hashed User IDs provide only weak
> benefit against the equivalent of zone enumeration
> through the keyservers (which is presumably the goal),
> so understanding these arguments and providing a
> convincing refutation of them (or outlining an entirely
> different benefit) is probably the first task someone
> would need to take on.

My analogy, admittedly not a direct comparison, would be having a phone number that is ex-directory. It is no defence against random dialling, nor against your number being recorded from outgoing calls if you don't take steps such as withholding the CLI, nor against somebody who has your number passing it on without your permission. Despite these failings there is still benefit in being ex-directory.

> Having a hashed User ID alongside your non-hashed User
> ID provides no benefit at all

Those of us who use different email addresses with different contacts (and/or periodically change email addresses) might generate a hashed user ID for each email address, maybe with a non-hashed user-id for our name. Similarly with role-based user IDs, a user might have their name in a non-hashed UID but use hashed UIDs for their roles.

--
Best regards

MFPA mailto:expires2...@ymail.com

Is it possible to be a closet claustrophobic?
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
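
Added example, not part of the original message or of GnuPG: a small model of the two positions in this thread, showing what a key listing reveals when addresses are hashed, and which of those addresses a candidate list still confirms. The construction (unsalted SHA-256 over the lowercased address), the function names, and all names and addresses are assumptions constructed for illustration; the thread does not specify a hashing scheme.

```python
import hashlib

def hashed_uid(address):
    # Assumed construction (the thread does not specify one):
    # unsalted SHA-256 over the trimmed, lowercased address.
    return hashlib.sha256(address.strip().lower().encode("utf-8")).hexdigest()

def is_digest(value):
    return len(value) == 64 and all(c in "0123456789abcdef" for c in value)

def build_directory(uids):
    """Constructed stand-in for a keyserver index: the set of User ID
    strings that anyone listing the key would see."""
    return {hashed_uid(uid) if hide else uid for uid, hide in uids}

def listed_in_clear(directory):
    """User IDs readable straight from a listing (anything not a digest)."""
    return sorted(u for u in directory if not is_digest(u))

def lookup(directory, address):
    """A correspondent who already has the address can still match the key."""
    return hashed_uid(address) in directory

def confirmed_by_guessing(directory, candidates):
    """Addresses confirmed by hashing a candidate list and comparing."""
    return sorted(c for c in candidates if lookup(directory, c))

# Constructed sample key: name in the clear, one hashed UID per address.
KEY_UIDS = [
    ("Alice Example", False),
    ("alice.work@example.org", True),
    ("alice.lists@example.org", True),
    ("k7q2xv9pm4tz@example.org", True),  # unguessable per-contact alias
]
# Constructed candidate list derived from the visible name.
CANDIDATES = ["alice@example.org", "alice.work@example.org",
              "alice.lists@example.org", "a.example@example.org"]

DIRECTORY = build_directory(KEY_UIDS)

if __name__ == "__main__":
    print("listed in clear:", listed_in_clear(DIRECTORY))
    print("confirmed by guessing:", confirmed_by_guessing(DIRECTORY, CANDIDATES))
    print("alias found by holder:", lookup(DIRECTORY, "K7Q2XV9PM4TZ@example.org"))
```

In this model the listing exposes only the name, the two name-derived addresses are confirmed by guessing, and the high-entropy alias stays hidden from anyone who does not already hold it.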